CIRCUIT AND METHOD FOR THE SECURING OF A COPROCESSOR 
DEDICATED TO CRYPTOGRAPHY 

Field of the Invention 

The present invention relates to 
cryptography, and, more particularly, the invention 
relates to a circuit and a method for securing the 
loading of a digital key and/or message to be encrypted 
or decrypted. 

Background of the Invention 

The field of the invention is cryptology. 
Cryptology can be defined as the science of concealing 
information. It is, along with the physical security 
of the components and of exploiting systems, a critical 
characteristic of chip card security. 

Cryptology encompasses both cryptography, 
which is the art of encrypting and decrypting messages, 
and cryptanalysis which is the art of breaking secret 
codes. The encryption of messages includes the 
conversion of information by a secret convention. The 
conversion function constitutes the cryptographic 
algorithm whose secret lies in parameters known as 
keys. The reverse operation, which is the decrypting 
of the message, requires a knowledge of these keys. 

In chip cards, cryptography implements 
various mechanisms aimed at ensuring either the 



-2- 

conf identiality of the information or the 
authentication of the cards or users or again the 
signature of the messages. All the means implementing 
cryptography form a cryptography system. 
5 Figure 1 is a simplified diagram of a typical 

cryptography system. In this figure, a non-encrypted 
message is transmitted from a transmission unit 1 to a 
reception unit 2 in the form of an encrypted message. 
In the transmission unit 1, the non-encrypted message 
10 is converted by an algorithm A which is a function of 
an encryption key CI. In the reception unit 2, the 
information received is decrypted by a reverse 
H n algorithm A 1 which uses a decryption key C2 in order 

^{j to recover the non-encrypted message. In this specific 

j;fl 15 case, i.e. when an encryption and decryption algorithm 

is used, the encryption key and the decryption key are 
m identical. A message can thus be transmitted between a 

j;^ sending unit and a reception unit on an unsecured 

l : y channel. Only an authorized user holding the secret 

20 decryption key can decode the encrypted message. 
O The decryption operation implies that the 

encryption algorithm is a reversible algorithm. This 
condition is not necessary for example during an / 
authentication operation. Indeed, certain 
2 5 authentication mechanisms use one and the same 

algorithm at both the sending and the reception of a 
message. The choice of an encryption algorithm for a 
chip card depends on the type of security service 
expected, the performance and above all the cost of the 
30 resources needed to install this algorithm. This cost 
depends on the size of the RAM and ROM type memories. 

Indeed, the use of bulky algorithms very 
quickly increases the price of chip cards. An 
encryption algorithm widely used in chip cards is the 
35 DES (Data Encryption System) algorithm according to the 



ISO/ANSI standard. An algorithm of this kind requires 
two data inputs (the encryption or decryption key and 
the information to be encrypted or decrypted) and 
produces a piece of output data (the result of the 
processing by the algorithm) . The size of the signals 
coming from the encryption algorithm is generally 64 
bits. The non-encrypted message may be converted into 
an encrypted message of the same length or of a 
different length, for example by combining data blocks, 
stringing them and thus enabling identical data blocks 
to be encrypted differently. 

There are symmetrical cryptography systems: 
these are cryptography systems making use of encryption 
and decryption algorithms whose encryption and 
decryption keys are identical. When the encryption and 
decryption keys are different, the cryptography system 
is called asymmetrical. Other cryptography systems 
exist, especially cryptography systems with zero 
knowledge input. 

Symmetrical algorithms raise problems of key 
management. Indeed, when a large number of users forms 
part of a network, each of them should have a 
personalized key since one key for all would endanger 
the whole system if it ever got compromised. Since it 
is impractical and risky to store all the keys, the 
method lies in diversifying them by a master key and an 
identifier for each card. The master keys need to be 
particularly well protected and may be contained in a 
security module or a card known as a mother card 
possessed by the sender of the cards. 

Figure 2 illustrates an exemplary dynamic 
verification of the validity of an operation for 
decrypting a digital message transmitted in encrypted 
form. In this figure, a random number NA is encrypted 
by an encryption algorithm A that brings an encryption 
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key CI into operation. An encrypted message MC thus 
created is transmitted to a chip card 20. A 
microcomputer 21 of the chip card 20 decrypts the 
encrypted message by a reverse decryption algorithm A" 1 
5 and a decryption key C2 which, in practice, is 

identical to the encryption key CI. A number R is the 
result of this decryption operation. A test module 22 
makes it possible to retrieve the number R and compare 
it with the initially sent number NA. The chip card 
10 20, which has performed the operation of decrypting 

the encrypted message MC, is considered to be authentic 
if the number NA is equal to the number R. Only an 
authentic card is capable of retrieving the number NA 
by using its secret key. 
15 The digital keys used by the electronic 

components to encrypt or decrypt messages, especially 
CO in chip card microcomputers, are therefore essential 

for .the confidentiality of the data elements conveyed. 
| ! y Anybody possessing the digital key associated with an 

H 20 encryption algorithm or decryption algorithm can access 

f!S data not intended for him or her. 

O 

The conventional system that uses these 
digital keys still has a few weaknesses in terms of 
achieving security, for example during the loading of a 

25 digital key used for the encryption or decryption of a 
digital message. An example of such a situation is 
given in Figure 3. Figure 3 shows an electronic 
circuit 3 loading an encryption or decryption digital 
key into the registers of a coprocessor dedicated to 

30 cryptography. 

In Figure 3, a memory module 30 is connected 
to a battery of input/output registers 32 by a two-way 
link 31. The battery of input/output registers 32 
include elementary registers which, for example, have a 

35 memory capacity of one eight-bit byte (hereinafter, in 
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the present document, the term "byte" shall be defined 
as an eight-bit byte) . A multiplexer 34 distributes 
the data contained in the battery* of input/output 
registers 32 between elementary registers of an input 
5 register 36 and a key register 38. A control module 40 
manages all the operations performed by the memory 
module 30, the battery of input/output registers 32 and 
the multiplexer 34. The control module 40 furthermore 
ensures that the data elements to be encrypted or 
10 decrypted sent by the memory module 30 are transmitted 
into the input register 36 by a first communication bus 
Bl and that the data relative to the digital key is 
transmitted into the key register 38 by a second 
communications bus B2 . 
15 There are several possible types of operation 

for the transmission of data from the battery of 
'S' input/output registers 32 to the input register 36 and 

the key register 38. A first mode of transmission may 
be the following: all the elementary registers of the 
20 battery of input/output registers 32 are filled with 
data elements coming from the memory module 30. Only 
then is the totality of the information contained in 
the battery of input/output registers 32 transmitted 
into each of the appropriate elementary registers of 
25 the input register 36 or, as the case may be, into each 
of the appropriate elementary registers of the key 
register 38. 

Another possible mode of transmission is the 
following one: whenever a register of the battery of 
30 input/output registers is loaded from the memory module 
30, it is immediately transmitted through the 
multiplexer 34 to an appropriate elementary register of 
the input register 36 or the key register 38. In any 
case, a processing module 42 working by an encryption 
35 or decryption algorithm requires all the data, 
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pertaining to the message to be processed, that is 
contained in the input register 36 and all the data, 
pertaining to the digital key, that is contained in the 
key register 38. The working of the processing module 
5 is also managed by the control unit 40. 

The message to be processed and the digital 
key are transmitted to the processing module 42 
respectively from the input register 36 and from the 
key register 38, respectively by a link 41 and a link 
10 43. With all these data elements, the processing 
module 42 is capable of transmitting a message 
processed into an output register 44 by means of a link 

?:ssf 

;B 45 . The data elements contained in the output register 

p 44 can then be transmitted to the memory module 3 0 

15 through the multiplexer 34, the battery of input/output 
IR registers 32 and a third communications bus B3 which 

* M exchanges data between the output register 44 and the 

Q multiplexer 34. 

!Jf A circuit of the kind described in Figure 3 

h --4 20 poses a problem of external visibility. Indeed, a 

O 

;X measurement of the electrical signals revealing 

information exchanges between different parts of the 
circuit could enable access to confidential information 
that plays a role in the protection of data by the 

25 encryption or decryption system. 

Indeed, when the digital key is being used by 
a certified component (such as a chip card), the 
digital key could become visible to a certain degree 
through the study of such electrical signals. The 

30 sensitive electrical signals may be observed on 

electrical links or communication buses, especially 
between the memory module 30 and the battery of 
input/output registers 32, as well as between the 
battery of input/output registers 32 and the 

35 multiplexer 34, between the multiplexer 34 and the 
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different input registers 36, key registers 38 and 
output registers 44 or again between the different 
input and output registers and the processing module 
42. 

5 The digital key may thus be discovered as a 

result of an accumulation of measurements of the 
electrical signals referred to here above and a 
statistical study of these measurements. The component 
may for example use the digital key in the situation 
10 shown in Figure 3. For example, in the case where the 
component performs an encryption operation, to perform 
^ an operation of this kind, the component needs to load 

UJ the encryption key from an internal memory module. It 

m may thus be authenticated as being a legitimate 

(P 15 component entitled to perform the operation. Thus, if 

~ the component is observed when it is known to be 

IB performing an operation to load the key, then it is 

j«3 possible, by recording the information conveyed by the 

I'U electrical signals brought into play, to arrive at 

lj 20 knowledge on the digital encryption key. Once this key 

O is known, it is very easy to reproduce the behavior of 

the legitimate component and subsequently perform 
operations initially prohibited to some user or 
another . 

25 Another exemplary case may pose a problem on 

the visibility of the information flowing in the form 
of electrical signals. Indeed, apart from information 
on the digital key, it is also possible, by the study 
of certain electrical signals, especially between the 

30 output of the processing module and the memory module, 
to know the processed result recovered by the component 
in its memory module. The knowledge of only the 
encryption or decryption result, possibly in 
association with the knowledge of the original message 

35 to be encrypted or decrypted, may be enough to thwart 
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the security provided by the confidentiality of a 
digital key. Indeed, it is enough to send a component 
the processed result expected as a function of the 
initial message to enable the performance of operations 
5 that were not authorized at the outset. 



Summary of the Invention 

It is an object of the present invention to 
overcome the problems that have just been described. 
To this end, the invention provides an electronic 
10 circuit for the securing of a coprocessor dedicated to 
j (a% cryptography that ensures the non-visibility, with 

U3 respect to a study of electrical signals during data 

transfers, of the digital key or of the result of an 
encryption or decryption operation. 
15 To achieve these goals, the invention 

5B includes the use of an additional register, called a 

scrambling register, in the battery of input/output 
registers 32 of the circuit described in Figure 3. 
This additional register is filled by what are called 
20 scrambling bits, randomly at instants also chosen 

randomly during the loading of the digital key into the 
battery of input/output registers. A random factor is 
thus introduced. This random factor enables the 
elimination of a part of the visibility, to the outside 
25 world, of the behavior of the component and therefore 
of . the data elements that it is processing. An 
analysis of the electrical signals associated with the 
data elements being processed can no longer be 
effective in obtaining possession of confidential 
30 information. 

The loading of the scrambling register is a 
dummy operation that has no effect on the loading of 
the data essential to the operation of the encryption 
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or decryption operations. The loading of very highly 
sensitive data is thus secured. 

The invention relates to an electronic 
circuit for the securing of a coprocessor dedicated to 
5 cryptography comprising a memory module, a battery of 
input/output registers connected to the memory module 
by a two-way link, and a multiplexer to carry out a 
transfer of data between the battery of input/output 
registers and an input register or a key register. The 
10 input register and the key register respectively 

receive the data elements of a message to be processed 
by an encryption or decryption operation and the data 
v3 elements of an encryption or decryption digital key. 

!;» The circuit also includes a processing module 

Eft 15 to perform an encryption or decryption operation 

list. 

l n accepting, at a first input, the messages to be 

iiS processed contained in the input register and, at a 

r=* second input, the digital key contained in the key 

IV register to process the message to be processed. Also, 

lj 20 a control module is included to manage the operations 

0 performed by the memory module, the battery of 

input/output registers, the multiplexer and the 
processing module. Furthermore, the circuit has an 
output register to transmit the result of an encryption 
25 or decryption operation to the battery of input/output 
registers through the multiplexer. The battery of 
input/output registers comprises a scrambling register 
to receive scrambling bits foreign to the message to be 
encrypted or decrypted and/or to the digital key. 
30 According to one embodiment of the invention, 

the circuit includes an accessory input register 
connected to the processing module and to the 
multiplexer to receive the scrambling bits sent 
directly by the processing module or coming from the 
35 memory module. The phrase "scrambling bits coming from 



the memory module" is understood to mean the scrambling 
bits could have been transmitted to other elements of 
the circuit before reaching the accessory input 
register . 

According to one particular embodiment, the 
circuit according to the invention includes the 
scrambling bits being generated randomly by the memory 
module or the processing module. In the preferred 
applications of the invention, the scrambling bits are 
produced in the form of eight-bit bytes. 

Another object of the invention is to provide 
a method for the securing of a coprocessor dedicated to 
cryptography comprising the steps of: transmitting data 
by a two-way link from a memory module to a battery of 
input /output registers, transmitting, through a 
multiplexer, from the battery of input/output registers 
respectively to an input register and to a key 
register, respectively data corresponding to a message 
to be processed by an encryption or decryption 
operation and data corresponding to an encryption or 
decryption digital key, and processing the message to 
be processed by a processing module accepting, at a 
first input, the data elements coming from the input 
register and, at a second input, the data elements 
coming from the key register and giving the data 
elements corresponding to the processed message to the 
output register. The method according to the invention 
also includes the step of the transmission, to a 
scrambling register of the battery of input/output 
registers, of the scrambling bits foreign to the 
message to be processed and the transmission, to the 
digital key, of the scrambling bits being sent directly 
by the memory module or coming from the processing 
module . 
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According to one embodiment of the invention, 
the scrambling bits are transmitted into an accessory 
register connected to the processing module and to the 
multiplexer to receive the scrambling bits sent 
5 directly by the processing module or coming from the 
memory module. According to a particular application 
of the method according to the invention, the 
scrambling bits are transmitted randomly. According to 
another particular embodiment of the method according 
10 to the invention, scrambling bits are sent to the 

scrambling register whenever a digital key is loaded 
into the battery of input/output registers. 



Brief Description of the Drawings 

The different aspects and advantages of the 
in 15 invention shall appear more clearly from the following 

fe description, made with reference to the appended 

O drawings, which are given purely by way of non-limiting 

examples of the invention, and are introduced here 
below : 

20 Figure 1 is a simplified diagram of a 

conventional cryptography system; 

Figure 2 illustrates a conventional example 
of dynamic verification of the validity of the 
encryption of a message transmitted after encryption; 
25 Figure 3 illustrates a conventional 

electronic circuit loading a digital key into the 
registers of a coprocessor dedicated to the encryption 
of data elements; and 

Figure 4 illustrates an electronic circuit 
30 according to the invention obtaining the secured 
loading of a digital key into the registers of a 
coprocessor dedicated to cryptography. 
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Detailed Description of -the Preferred Embodiments 

Figure 4 shows the same elements as in the 
electronic circuit described in Figure 3: a memory 
module 30, a battery of input/output registers 32, a 
5 multiplexer 34, an input register 36, a key register 

38, a control module 40, a processing module 42, and an 
output register 44. The figure also shows the same 
electrical links or communication buses as in the 
circuit described with reference to Figure 3. 
10 The circuit according to the invention can be 

distinguished from the prior art circuit shown in 
Figure 3, by the presence of an additional register 50, 
*5 called a scrambling register, in the battery of 

J>4 input/output registers. Unlike the other registers of 

p 1 15 the battery of input /output registers, the scrambling 

register 50 is not designed to receive data elements 
pertaining to the message to be processed or to the 
digital key. The scrambling register 50 is designed to 
receive a certain number of bits called scrambling bits 
20 that are designed to secure the loading of a digital 
key or a processed message into the battery of 
input/output registers 32. 

In one particular embodiment of the 
invention, the scrambling register 50 may contain eight 
25 bits. Its size therefore is one byte. This example 
however is not restrictive and the size of the 
scrambling register 50 may differ according to the 
embodiments of the circuit according to the invention. 
For the sake of simplicity, the description shall 
30 hereinafter be limited to the case where the scrambling 
register 50 has the size of one byte. A two-way link 
52 transfers data between the scrambling register 50 
and the multiplexer 34 . 

According to a preferred embodiment of the 
35 invention, an accessory input register 54 is connected 
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firstly to the multiplexer 34, by a two-way link 56, 
and secondly to the encryption module 42, by a two-way 
link 58. Preferably, the accessory input register 54 
has the same size as the scrambling register 50. The 
5 accessory register 54 is indeed designed to receive or 
send scrambling bits from or to the scrambling register 
50. However there is no major drawback if the 
accessory input register 54 has a size different from 
that of the scrambling register 50. 
10 The operation of the circuit according to one 

particular embodiment of the invention is as follows. 
The memory module 30 loads a certain number of bits in 
the form of bytes into the elementary register of the 
battery of input/output registers 32. These bytes 
ft 15 correspond either to a message to be processed or to 

the digital key. When the digital key is loaded from 
the memory 30 into the input /output battery 32, 
scrambling bits are sent randomly on the link 31. The 
scrambling bits are then oriented to the scrambling 
20 register 50 according to different operational modes 
explained here above. The scrambling bits, like the 
other data elements, may be transmitted by bytes. 

A random number of scrambling bytes is 
therefore sent between two bytes carrying information 
25 on the digital key. Should the digital key have a size 
of 8 bytes, a scrambling byte may be transmitted 
between any two bytes encoding the digital key. A 
scrambling byte may also be transmitted before the 
first byte encoding the digital key or again after the 
30 last byte encoding the digital key. Furthermore, a 
random number of scrambling bytes may be sent during 
one and the same loading of a digital key. In this 
example, each scrambling byte sent is always oriented 
towards the scrambling register 50, and each new 
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scrambling byte sent erases the previous scrambling 
byte kept in the scrambling register 50. 

This is also the case for the scrambling 
bytes coming from the processing module 42 and received 
5 by the accessory input register 54. Thus, a person who 
tries to obtain the digital key fraudulently by the 
study of the electrical signals sent by the two-way 
link 31 is doomed to failure. Indeed, the electrical 
signals corresponding to the sending of the scrambling 
10 bytes will distort the statistical studies that would 
have led to the discovery of the digital key. 

The two-way link 52 transfers data between 
the scrambling register 50 and the multiplexer 34 in 
such a way that a study of the electrical signals 
15 between the battery of input/output registers 32 and 

the multiplexer 34, with a view to finding the digital 
\B key, is also doomed to failure. At output of the 

^ multiplexer 34 , the control module 4 0 orients the data 

fy elements coming from the scrambling register 50 to the 

20 accessory input register 54 by the two-way link 56. 

§□ This two-way link may be of the type formed by the 

O 

buses described here above. 

Just as the register 36 and the key register 
38 may have a size similar to that of the register of 

25 the battery of input /output registers 32, it is enough 
for the accessory input register 54 to be of the 
minimum size needed to receive the data elements coming 
from the scrambling register 50. The two-way link 56 
herein also ensures that any statistical study of the 

30 electrical signals exchanged between the multiplexer 34 
and the input register 36 and key register 38 will be 
disturbed. In the same way, the study of the 
electrical signals between the input register 36 and 
the key register 38 is disturbed by the electrical 

35 signals conveyed by the two-way link 58 between the 



accessory input register 54 and the processing module 
42. 

In the preferred embodiment of the invention, 
the accessory input register 54 has an address close to 
the addresses of the input register 36 or of the key 
register 38. A person studying the electrical signals 
exchanged on the different buses thus cannot perceive 
any obvious difference when the addresses of the 
addressee registers are conveyed. When the processing 
module 42 produces the encrypted message that it stores 
in the output register 4 4 by the link 45, it produces 
scrambling bits randomly and not necessarily for each 
encrypted operation. These scrambling bits are stored 
in the accessory input register 54 by the two-way link 
58. The new scrambling bits are also transmitted 
through the multiplexer 34 to the battery of 
input/output registers 50 simultaneously with the 
transmission of the data elements contained in the 
output register 4 4 to the input /output register 32 
through the multiplexer 34. 

A piece of electrical scrambling information 
is thus present during the loading, into the memory 
module 30, of the result of the encryption or 
decryption operation. Thus, a person who might have 
knowledge of the message*, to be encrypted cannot obtain 
knowledge of the encryption result by a statistical 
study of the electrical signals conveyed on the 
different links that come into action. 

The securing circuit and method according to 
the invention can be used for any encryption and 
decryption operation. The circuit and the method 
according to the invention therefore use an electrical 
scrambling signal for all sensitive data transfers 
needed to carry out an encryption or decryption 
operation with a digital key. 



The circuit and the method according to the 
invention make advantageous use of the fact that the 
operations performed within a battery of registers are 
far less accessible than the electrical information 
elements present between the battery of registers and 
various elements of the circuit- 



